1 Answer
1

The reason sudo is better than having a root password and using su in a multi admin environment is because with su, every admin has to know the root password, so if you ever want to revoke an admin's access, you have to change the password, and tell all of the other admins. With sudo you just remove them from the admin group.

sudo also offers more fine grained control, because you can configure it to allow people to run only a specific set of commands as root. For instance, you can allow helpdesk people to run passwd to reset users's passwords, without giving them full root access.

The quote you mention is actually wrong. Ubuntu locks the root account by default, so it has no password, but can not be logged in as. It also has a patched sulogin so that if the listed value in /etc/shadow is a bare "!" character ( the default, locked, no password value ), then single user/recovery mode will not prompt you for a root password to login.

thanks, so what you're saying is using sudo i is an ok practice? I guess i'm confused b/c than anyone that accesses the machine can just type sudo i and do what they want. Is that fear not warranted?
–
tim petersonFeb 19 '13 at 16:12

@timpeterson only users in the admin group can use sudo.
–
Random832Feb 19 '13 at 16:13

@Random832 how is the admin group defined? I obviously am part of it but confess I have no idea what I did during the setup which made me an admin.
–
tim petersonFeb 19 '13 at 16:17

@timpeterson, sudo is configured via /etc/sudoers, and the installer puts the initial user it prompts you to create in the admin group automatically. You should read the sudo man page for details.
–
psusiFeb 19 '13 at 16:27

2

@timpeterson, yes.. if you want a root shell instead of just prefixing an individual command with sudo, then sudo -i or sudo -s is the way to go. The difference between the two is that -s preserves your environment so for instance, ~ still refers to YOUR home directory, instead of root's. This is usually the preferred behavior. The su equivalent to this difference is su vs su -.
–
psusiFeb 19 '13 at 16:34